(54) Method and apparatus for a secure multicast transmission

(57) A method and apparatus for a secure multicast transmission is provided. A secure multicast transmission reservation, received at a multicast session security platform, is sent from a sender of a secure multicast transmission and may include, for example, information about the secure multicast transmission and information about which multicast receivers are authorized to receive the secure multicast transmission. The multicast session security platform also receives a request for security information from a requesting multicast receiver. The multicast session security platform may include, for example, a multicast session security server capable of communicating with a plurality of senders and a plurality of requesting receivers. It is determined, using information from the reservation, if the requesting receiver is authorized to receive the secure multicast transmission. If so, multicast transmission security information, such as IPSEC SA information needed to receive the secure multicast transmission, is sent to the requesting receiver.

Description

Field of the Invention

[0001] The present invention relates to multicast transmissions. More particularly, the present invention relates to a method and apparatus that may be used to provide a secure multicast transmission.

Background of the Invention

[0002] Many different types of information can be sent through a data communication network such as the Internet. The types of information include, for example, streams of text (including software), images (including still and moving images) and audio information. Streams that combine different types of information, such as multimedia content, can be transmitted as well.
[0003] A communication network user can request an information stream directly from an information source, or "sender," which responds to the request by sending the stream to the user. This method of sending an information stream from a single point, such as the sender, to a single point, such as the user, is called a "unicast" transmission. The sender may also "broadcast" the information stream through the communication network by sending the information to routers in the communication network even if no user downstream from a particular router is going to receive the stream.
[0004] Both unicast and broadcast transmissions, however, can be very inefficient. With a unicast transmission scheme, if the sender wishes to send information to a number of receivers, the sender must transmit a number of separate streams of information into the network, even though each stream contains exactly the same information. Moreover, each stream must be individually handled by communication nodes, or routers, in the network. Such an approach can result in an unacceptable amount of traffic in the network. A broadcast transmission can be inefficient because some routers may be tied up handling information streams even if no user downstream from a particular router receives the information, which is also inefficient.
[0005] As an alternative to a unicast or broadcast transmission, the information stream can be sent from a single point to multiple points. This method of sending information, called a "multicast" transmission, is illustrated in FIG. 1, which shows a block diagram of a known system for transmitting a multicast information stream through a communication network 200. The communication network 200 has a number of multicast-capable routers 202, and information enters the network as a single stream from a multicast device 210, or sender, to one of those routers 202. As the stream travels through the network 200, the routers 202 divide the stream into multiple streams as required to send the information downstream to other routers 202 and/or to locally attached interested devices 110, or "receivers." A user who wants to receive a particular multicast transmission can, for example, use Internet Group Management Protocol (IGMP) to send a "join" message to a local multicast-capable router 202.
[0006] Note that with a multicast transmission, the link between the sender 210 and the communication network 200 only needs to carry a single stream of multicast information.

[0007] Depending on the nature of the multicast transmission, the sender 210 and/or receiver 110 of a multicast stream may desire to make the transmission "secure." For example, the parties may want to make sure that the transmission is not received by other, "unauthorized," receivers. The parties may also need to verify that the transmission actually originates from the sender 210 and has not been tampered with or altered. To provide this type of security, multicast transmission security information can be used by both the sender 210 and the receiver 110. The Internet Protocol version 6 (IPv6) Internet Protocol Security (IPSEC) standard is one example of an architecture that can be used to provide a secure multicast transmission, and is described in Kent Stephen, "Security Architecture for the Internet Protocol," Network Working Group (July 1998), the entire disclosure of which is hereby incorporated by reference. The IPSEC protocol defines, for example, Authentication Header (AH) and Encapsulating Security Payload (ESP) headers, which are generally transparent to applications and routers, that can be used to provide a secure transmission. Both the AH and ESP headers contain a Security Parameter Index (SPI) which, along with an IP destination address, identifies a Security Association (SA) needed to receive the multicast transmission. In general, for example, IPSEC AH information provides integrity checking information that lets a receiver detect if a packet was forged or modified while traveling across a data network.
[0008] Typically, each receiver 110 needs to individually request the multicast transmission security information from the sender 210. The sender 210 then determines if a requesting receiver 110 is authorized to receive the secure multicast transmission, and, if so, separately delivers the multicast transmission security information to each receiver 110. The receivers 110 can then use the multicast transmission security information to, for example, decode a secure multicast transmission from the sender 210.

[0009] This approach, however, may not be practical if the sender 210 needs to send a secure multicast transmission to a large number of receivers 110. In this case, the sender 210 must individually communicate, for example, with tens of thousands of requesting receivers 110, often simultaneously, and separately process each request. Moreover, a large number of separate responses, including the multicast transmission security information, must be sent back through the communication network 200. This eliminates some of the benefits of using multicast technology, such as, for example, letting the link between the sender 210 and the communication network 200 carry only a small amount of information.

[0010] Another problem with known methods of providing multicast transmission security information is that the information each receiver 110 must provide to demonstrate that he or she is authorized to receive the secure multicast transmission may be sensitive. Such information may include, for example, a credit card number or home address, and people may hesitate to provide this type of information to an unfamiliar sender 210. In addition, a sender 210 may need to coordinate billing and collection procedures for a large number of receivers 110, which can be a difficult task.
[0011] In view of the foregoing, it can be appreciated that a substantial need exists for a method and apparatus that provides multicast transmission security information and solves the problems discussed above.

Summary of The Invention

[0012] The disadvantages of the art are alleviated to a great extent by a method and apparatus that provides multicast transmission security information. A secure multicast transmission reservation is received at a multicast session security platform. The reservation is received from a sender of a secure multicast transmission and may include, for example, information about the secure multicast transmission and information about which multicast receivers are authorized to receive the secure multicast transmission. The multicast session security platform also receives a request for security information from a requesting multicast receiver. The multicast session security platform may include, for example, a multicast session security server capable of communicating with a plurality of senders and a plurality of requesting receivers. It is determined, using information from the reservation, if the requesting receiver is authorized to receive the secure multicast transmission. If so, the multicast transmission security information, such as the SA information needed to receive the secure multicast transmission, is sent to the requesting receiver. The SA information may comprise, for example, an authentication key, and authentication key and a key life-time, along with other information.
[0013] With these and other advantages and features of the invention that will become hereinafter apparent, the nature of the invention may be more clearly understood by reference to the following detailed description of the invention, the appended claims and to the several drawings attached herein.

Brief Description of The Drawings
[0014]

FIG. 1 is a block diagram of a known system that transmits a multicast information stream through a communication network.

FIG. 2 is a block diagram including a system that provides multicast transmission security information according to an embodiment of the present invention.

FIG. 3 is a more detailed block diagram of a system that provides multicast transmission security information according to an embodiment of the present invention.

FIG. 4 is a flow diagram of a method for providing multicast transmission security information according to an embodiment of the present invention.

Detailed Description 

[0015] The present invention is directed to a method and apparatus that provides multicast transmission security information. Referring now in detail to the drawings wherein like parts are designated by like reference numerals throughout, there is illustrated in FIG. 2 a block diagram including a multicast session security platform 300 that provides multicast transmission security information for a communication network 200 according to an embodiment of the present invention. The communication network 200 comprises a number of multicast-capable routers 202 that let a sender 220 transmit a multicast information stream to a number of receivers 120.

[0016] According to an embodiment of the present invention, the multicast session security platform 300 receives a secure multicast transmission reservation from the sender 220 of a secure multicast transmission. The reservation may include, for example, information about the secure multicast transmission such as the title, date, time of day and duration of the transmission.
[0017] The reservation may also include the particular security information, such as a group key or an IPSEC SA, needed to receive the secure multicast transmission, and information about which multicast receivers 120 are authorized to receive the secure multicast transmission. For example, a franchisor corporation may want to send a multicast transmission containing sensitive financial information to a number of franchisee corporations. In this case, the reservation may include a list of authorized names and passwords associated with each franchisee corporation.

[0018] Instead of a list of authorized receivers, the reservation may include billing information, such as a price that must be paid by a requesting receiver 120 before he or she will be authorized to receive the multicast transmission. For example, the reservation may indicate that anyone who pays five dollars is authorized to receive a particular multicast transmission of a movie.
[0019] The multicast session security platform 300 also receives a request for multicast transmission security information from a requesting multicast receiver 120. The request may be received using a secure transmission, such as a secure unicast IPSEC transmission. The secure unicast transmission may be established using known public key techniques. As part of the initial request, or through some further interaction after the initial request, the receiver 120 will provide information to the multicast session security platform 300, such as, for example, (a) the name or nature of the multicast transmission the receiver 120 wants to receive, (b) an identifier, such as a name and password, associated with the receiver 120 and/or (c) a credit card number or other billing information.

[0020] The multicast session security platform 300 then determines if the requesting multicast receiver 120 is authorized to receive the secure multicast transmission. This may be done, for example, by comparing the name and password of the receiver 120 with a list of authorized names and passwords contained in the reservation. If the requesting multicast receiver 120 is authorized, the multicast session security platform 300 responds with the multicast transmission security information, such as the IPSEC SA information. The approved receiver 120 can then use this information to receive the secure multicast transmission from the sender 220.

[0021] According to an embodiment of the present invention, the multicast session security platform 300 may be configured to handle reservations and requests from a large number of senders 220 and receivers 120. For example, the multicast session security platform 300 may have a number of pre-approved subscribers who are authorized to receive certain types of multicast transmissions or transmissions from certain senders 220. As shown in FIG. 2, the multicast session security platform 300 may send the security information to a number of personal computers. If desired, however, the platform could send the information to, for example, a secure telephone or fax machine, a wireless Personal Digital Assistant (PDA) or any other type of communication device. In addition, the security information may be sent through the same communication network 200 that will be used to transmit the secure multicast session, or through some other communication network.
[0022] Moreover, the multicast session security platform 300 may transmit statistics to the sender 220, such as the total number of currently approved receivers 120 or a total amount of money that has been collected from those receivers 120.
[0023] FIG. 3 is a more detailed block diagram of a system that provides multicast transmission security information for an IP multicast network 205 according to an embodiment of the present invention. A multicast session security platform 300 includes a multicast session security server 350 connected to IP multicast network 205 through a communication port 352 (e.g., an Ethernet port). The IP multicast network 205 is comprised of a number of IP multicast-capable routers 207, and the Multicast Backbone (MBone) is one example of such a communication network.
[0024] According to an embodiment of the present invention, the multicast session security server 350 receives a secure multicast transmission reservation from a sender 230 of a secure multicast transmission. This may be done, for example, using a Multicast Security Client (MSC) application 235 installed on the sender 230 and configured with the IP address of one or more multicast session security servers 350. The multicast session security server 350 and the MSC application 135 may be configured to let the sender 230 submit the reservation using a communication network information page, such as a World Wide Web ("Web") page transmitted through the Internet.

[0025] As described above with respect to FIG. 2, the reservation may include, for example, (a) the title, date, time of day and duration of the transmission, (b) an IPSEC SA - such as one using the Internet Security Association and Key Management Protocol (ISAKMP) framework - needed to receive the transmission, (c) a list of names and passwords associated with authorized receivers 130 and/or (d) an admission policy, such as a price that must be paid by each requesting receiver 130 before he or she will be authorized to receive the transmission. The reservation information may be stored in a reservation database 310 along with reservations for other multicast transmissions and/or other multicast senders 230.

[0026] The multicast session security server 350 also receives a request for multicast transmission security information from a number of requesting multicast receivers 130. This may be done using, for example, a MSC application 135 running on the receiver 130, which may be configured to let a receiver request the security information through a Web page. This request may be generated by the MSC application 135 without any explicit action by a user. Note that, if required, a multicast-unicast gateway may be installed between the IP multicast network 205 and either the sender computer 230 or the receiver computer 130. The request may be received using a secure transmission, such as a secure unicast IPSEC transmission, and may include, for example, the name of a multicast transmission, a requesting name and password, and a credit card number. User information, such as information associated with a subscriber of the multicast session security platform 300, may also be stored in a user database 320. Such information may include the type of multicast transmissions a subscriber is authorized to receive, or other information based on, for example, a form filled out by the user when he or she subscribes to the service.

[0027] The multicast session security server 350 then determines if a requesting multicast receiver 130 is authorized to receive the secure multicast transmission. If the requesting multicast receiver 130 is authorized, the multicast session security server 350 responds with the multicast transmission security information, such as the IPSEC SA information. The SA information is used to establish the specific implementation of IPSEC protection that will be used during the secure multicast transmission. The SA information may indicate, for example, what types of keys are required and how the transmission will be encrypted or authenticated. The SA information may also include a specific destination IP address, authentication key, session key and SPI that are needed to receive the multicast transmission. The approved receiver 130 may then use this information to receive the secure multicast transmission from the sender 230. Note that the information may be requested, received and used by an approved receiver 130 - all without the user being aware of the operation, if desired.
[0028] FIG. 4 is a flow diagram of a method that provides multicast transmission security information for a communication network, such as the Internet, according to an embodiment of the present invention. At step 410, a secure multicast transmission reservation is received at a Multicast Session Security Platform (MSSP). The reservation is received from a sender of a secure multicast transmission and may include, for example, information about the secure multicast transmission and information about which multicast receivers are authorized to receive the secure multicast transmission.

[0029] The multicast session security platform also receives a request for security information from a requesting multicast receiver as indicated at step 420. The multicast session security platform may include, for example, a multicast session security server capable of communicating with a plurality of senders and a plurality of requesting receivers. It is determined, using information from the reservation, if a requesting receiver is authorized to receive the secure multicast transmission at step 430. If so, the multicast transmission security information, such as IPSEC SA information needed to receive the secure multicast transmission, is sent to the requesting receiver at step 440.
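
The following Python sketch is an added illustration and is not part of the patent text. It walks steps 410 to 440 for both admission policies described above (a name-and-password list, or a price). Every class, field and function name is an assumption of the example, as are the choices to store salted password hashes and to compare them in constant time; the secure unicast channel of paragraph [0019] is assumed to exist already.

```python
"""Added illustration of steps 410-440. All class, field and function
names are assumptions of this example, not terms from the patent."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class SecurityAssociation:
    """The SA items listed in paragraph [0027]."""
    dest_ip: str
    spi: int
    auth_key: bytes
    session_key: bytes


def _hash_password(password: str, salt: bytes) -> bytes:
    # Choice made by this example: the platform keeps salted hashes rather
    # than the cleartext passwords supplied in the reservation.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Reservation:
    sa: SecurityAssociation
    authorized: Dict[str, Tuple[bytes, bytes]]  # name -> (salt, hash)
    price_cents: Optional[int] = None           # admission policy, [0018]
    approved: Set[str] = field(default_factory=set)


class SessionSecurityPlatform:
    def __init__(self) -> None:
        self._reservations: Dict[str, Reservation] = {}  # database 310

    def reserve(self, title: str, sa: SecurityAssociation,
                receivers: Optional[Dict[str, str]] = None,
                price_cents: Optional[int] = None) -> None:
        """Step 410: store the sender's reservation."""
        authorized = {}
        for name, password in (receivers or {}).items():
            salt = os.urandom(16)
            authorized[name] = (salt, _hash_password(password, salt))
        self._reservations[title] = Reservation(sa, authorized, price_cents)

    def request(self, title: str, name: str, password: str = "",
                paid_cents: int = 0) -> Optional[SecurityAssociation]:
        """Steps 420-440: hand the SA to an authorized receiver only.

        Assumes the call arrives over the secure unicast channel of [0019].
        """
        res = self._reservations.get(title)
        entry = res.authorized.get(name) if res else None
        # One hash is computed even for unknown titles or names, and every
        # refusal returns the same None whatever the reason.
        salt, expected = entry or (b"\x00" * 16, b"")
        listed = hmac.compare_digest(_hash_password(password, salt), expected)
        paid = (res is not None and res.price_cents is not None
                and paid_cents >= res.price_cents)
        if res is None or not (listed or paid):
            return None                      # step 430: not authorized
        res.approved.add(name)
        return res.sa                        # step 440

    def approved_count(self, title: str) -> int:
        """Statistic the platform may report to the sender ([0022])."""
        return len(self._reservations[title].approved)


if __name__ == "__main__":
    # Constructed sample values; the address, SPI and keys are made up.
    sa = SecurityAssociation("239.1.2.3", 0x1001, os.urandom(20), os.urandom(16))
    mssp = SessionSecurityPlatform()
    mssp.reserve("Franchise financials", sa, {"franchisee-a": "s3cret-A"})
    mssp.reserve("Movie", sa, price_cents=500)
    print(mssp.request("Franchise financials", "franchisee-a", "s3cret-A") == sa)
    print(mssp.request("Franchise financials", "franchisee-a", "guess"))
    print(mssp.request("Movie", "viewer-1", paid_cents=500) == sa)
    print(mssp.approved_count("Movie"))
```
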
[0030] Although various embodiments are specifically illustrated and described herein, it will be appreciated that modifications and variations of the present invention are covered by the above teachings and within the purview of the appended claims without departing from the spirit and intended scope of the invention. For example, although particular system architectures were used to illustrate the present invention, it can be appreciated that other architectures may be used instead. Similarly, although particular types of security protocols have been illustrated, other security protocols will also fall within the scope of the invention. Finally, although software or hardware are described to control certain functions, such functions can be performed using either software, hardware or a combination of software and hardware, as is well known in the art. As is also known, software may be stored on a medium, such as, for example, a hard or floppy disk or a Compact Disk Read Only Memory (CD-ROM), in the form of instructions adapted to be executed by a processor. The instructions may be stored on the medium in a compressed and/or encrypted format. As used herein, the phrase "adapted to be executed by a processor" is meant to encompass instructions stored in a compressed and/or encrypted format, as well as instructions that have to be compiled or installed by an installer before being executed by the processor.

Claims 

1. A method of supplying multicast transmission security information to a plurality of requesting multicast receivers, the multicast transmission security information being configured to enable receipt of a secure multicast transmission, comprising the steps of:

establishing an individual secure unicast channel for each of the plurality of requesting multicast receivers, the secure unicast channels being established using security information different from the multicast transmission security information;

receiving, through the secure unicast channel, authorization information from each of the plurality of requesting multicast receivers;

determining if each of plurality of requesting multicast receivers is authorized to receive the secure multicast transmission; and

sending, through the secure unicast channel, the multicast transmission security information to each of the authorized requesting multicast receivers.

2. The method of claim 1, wherein the multicast transmission security information comprises Internet Protocol Security (IPSEC) information needed to receive the secure multicast transmission.

3. A method for providing multicast transmission security information, comprising the steps of:

receiving, at a multicast session security platform, a secure multicast transmission reservation from a sender of a secure multicast transmission, the secure multicast transmission reservation comprising information about the secure multicast transmission;

receiving, at the multicast session security platform, a request for the multicast transmission security information from a requesting multicast receiver; and

determining if the requesting multicast receiver is authorized to receive the secure multicast transmission.

4. The method of claim 3, further comprising:

sending the multicast transmission security information to the requesting multicast receiver if the requesting multicast receiver is authorized to receive the secure multicast transmission.

5. The method of claim 3, wherein the secure multicast transmission reservation further comprises information about which multicast receivers are authorized to receive the secure multicast transmission, and wherein said step of determining is performed using information from the secure multicast transmission reservation.

6. The method of claim 3, wherein the secure multicast transmission reservation further comprises the multicast transmission security information.

7. The method of claim 4, wherein said step of receiving comprises receiving a plurality of requests for the multicast transmission security information from a plurality of requesting multicast receivers, and wherein said steps of determining and sending are performed for each of the plurality of requesting multicast receivers.

8. The method of claim 3, wherein the multicast transmission security information comprises Internet Protocol Security (IPSEC) information needed to receive the secure multicast transmission.

9. The method of claim 8, wherein the IPSEC information comprises Security Association (SA) information needed to receive the secure multicast transmission.

10. The method of claim 3, wherein said step of receiving comprises receiving the request for multicast transmission security information as a unicast Internet Protocol Security (IPSEC) transmission.

11. The method of claim 3, further comprising the step of:

receiving billing information from the requesting multicast receiver.

12. The method of claim 7, wherein said step of determining is performed using the billing information received from the requesting multicast receiver.

13. The method of claim 3, further comprising the step of:

sending billing information to the sender of the secure multicast transmission.

14. The method of claim 3, wherein the secure multicast transmission reservation is received using a communication network information page.

15. The method of claim 3, wherein the request for multicast transmission security information is received using a communication network information page.

16. A method for providing Internet Protocol Security (IPSEC) Security Association (SA) information related to a secure multicast transmission, comprising the steps of:

receiving, at a multicast session security platform, a secure multicast transmission reservation from a sender of the secure multicast transmission, wherein the secure multicast transmission reservation includes the IPSEC SA information and information about authorized multicast receivers;

receiving, at the multicast session security platform, a plurality of requests for the IPSEC SA information from a plurality of requesting multicast receivers;

determining if each of the plurality of requesting multicast receivers is authorized to receive the IPSEC SA information based on information about authorized multicast receivers contained in the secure multicast transmission reservation; and

sending the IPSEC SA information to authorized requesting multicast receivers.

17. A multicast session security platform, comprising:

a first communication port configured to receive a secure multicast transmission reservation, including multicast transmission security information and information about authorized multicast receivers, from a sender of a secure multicast transmission;

a second communication port configured to receive a plurality of requests for the multicast transmission security information from a plurality of requesting multicast receivers; and

a server system coupled to said first and second communication ports, said server system being configured to determine if each of the plurality of requesting multicast receivers is authorized to receive the multicast transmission security information based on the information about authorized multicast receivers contained in the secure multicast transmission reservation.

18. An article of manufacture comprising a computer-readable medium having stored therein instructions adapted to be executed by a processor, the instructions which, when executed, define a series of steps for providing multicast transmission security information, said steps comprising:

receiving, at a multicast session security platform, a secure multicast transmission reservation from a sender of a secure multicast transmission, the secure multicast transmission reservation comprising information about the secure multicast transmission;

receiving, at the multicast session security platform, a request for the multicast transmission security information from a requesting multicast receiver; and

determining if the requesting multicast receiver is authorized to receive the secure multicast transmission.

19. The medium of claim 18, wherein the steps further comprise:

sending the multicast transmission security information to the requesting multicast receiver if the requesting multicast receiver is authorized to receive the secure multicast transmission.

20. The medium of claim 18, wherein the secure multicast transmission reservation further comprises information about which multicast receivers are authorized to receive the secure multicast transmission, and wherein the step of determining is performed using information from the secure multicast transmission reservation.

21. An article of manufacture comprising a computer-readable medium having stored therein instructions adapted to be executed by a processor, the instructions which, when executed, define a series of steps for receiving multicast transmission security information, said steps comprising:

sending a request for the multicast transmission security information to a multicast session security platform, the request including at least one of (a) user identification information, (b) billing information and (c) multicast transmission identification information;

receiving the multicast transmission security information from the multicast session security platform; and

receiving, using the multicast transmission security information, a secure multicast transmission from a sender other than the multicast session security platform.






EP 0 994 600 A2 




FIG. 4 (flow diagram)

410: MSSP receives reservation from sender
420: MSSP receives request for security information from requesting receiver
430: Is requesting receiver authorized to receive secure multicast transmission? (Yes)
440: Send security information to requesting receiver



